OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.
References
Link | Resource |
---|---|
https://github.com/yaxuan404/OTCMS_3.2 | Exploit Third Party Advisory |
Configurations
Information
Published : 2018-03-24 15:29
Updated : 2018-04-18 08:22
NVD link : CVE-2018-8973
Mitre link : CVE-2018-8973
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
otcms
- otcms